[LINK] 'Parasitic grid' could undermine wireless revenues

felipe rodriquez felipe@xs4all.nl
Sat, 1 Sep 2001 00:10:07 +1000 

Hi,

> Perhaps the routing and security aspects of 3G will be applied to
> Wifi? These are certainly areas to be addressed. Poll: will they be
> solved by a group of individuals banging out a linux-like solution or
> a committee like those clever engineers that found the IPv6 solution
> to the problem of limited global IP addresses.

Wifi certainly needs more security. With MS-Windows it is relatively simple
to sniff WiFi packets with commercial sniffing software such as Airopeek or
Sniffer Pro Wireless. Alternatively one could use Linux to achieve the same
at hardware cost with the right WiFi client adaptor, drivers and sniffing
software. Of course WiFi includes the WEP 40 or 128 bits encryption
protocols, but these have been cracked, and exploits that generate the
crypto key are readily available on the Internet. Anyone that invests a
couple of hours of research and implementation time into WEP/WiFi security
cracking is able to sniff WiFi traffic with the tools that are available
online.

For hackers this is a potential haven; drive through a city with WiFi access
port mapping software to locate access points and to see if encryption is
turned on/off. Then pick a target access point, sniff that AP to find
relevant information about the gateway, IP range and MAC addresses. Then use
that access point as a launch pad to crack other systems. With a good
antenna one should be able to use access points at hundreds of meters
distance, thereby becoming very difficult to trace for anyone without RF
equipment that can triangulate your position.

WiFi is a great technology, but immature, and we have certainly not heard
the last about its potential for abuse.

If you use WiFi, consider applying a software VPN layer on all WiFi traffic,
to secure the content. Also consider any WiFi access point as being
inherently secure, _do not_ place it inside the secure firewalled corporate
network. Additionally one could route all WiFi traffic through a server that
only routes traffic from legitimate VPN clients.


Kind regards

	Felipe Rodriquez